on 01-15-2009 1:35 PM
Hi All,
We have ECC 6.0 with Oracle db on WINDOWS OS. We have installed SAP Router and have also applied the SNC license. I am able to successfully do a test connection to SAPOSS rfc thro sm59. Now, the issue is that when i try to connect to my SAP (from a remote location ) thro router string it says "Route permission denied (x ip address to y ip address sapdp01)"
X ip address is the ip address of our firewall
y ip address is the ip address of our sap server.
I thought that the issue could be in the hardware firewall, but the network guy says that he created a rule and allowed all the access.
In my routtab file I have given incoming access to all the ip address.
Many Thanks,
Balakrishnan.
Edited by: Balakrishnan S on Jan 15, 2009 2:36 PM
Hi,
The error is coming from the saprouter itself so this does not have anything to do with Firewall.
Could you paste here your saprouttab file to try to help you out?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
My dev_rout file entry is:
-
trc file: "dev_rout", trc level: 1, release: "700"
-
Fri Jan 16 11:51:19 2009
SAP Network Interface Router, Version 38.0
command line arg 0: saprouter
command line arg 1: -r
command line arg 2: -G
command line arg 3: routerlog
command line arg 4: -S
command line arg 5: 3299
command line arg 6: -K
command line arg 7: p:CN=sapdevp, OU=0000812770, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/32/32)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\saprouter1\ntintel\sapcrypto.dll".
File "D:\saprouter1\ntintel\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 1532, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
Fri Jan 16 11:51:49 2009
WARNING => NiBufISetHS: ready could not be freed (hdl 2) [nibuf.cpp 4356]
Fri Jan 16 11:51:53 2009
WARNING => NiBufISetHS: ready could not be freed (hdl 1) [nibuf.cpp 4356]
Fri Jan 16 11:51:59 2009
WARNING => NiBufISetHS: ready could not be freed (hdl 4) [nibuf.cpp 4356]
Fri Jan 16 11:52:45 2009
NiHsLGetHostName: to get 192.168.0.10 failed in 4501ms (tl=2000ms; UC)
Fri Jan 16 11:52:48 2009
no match for [192.168.0.10 to 192.168.0.205, 3201] found
ERROR => NiRClientHandle: NiRExRouteCon for C5/-1 '192.168.0.10' failed (rc=-94) [nirout.cpp 2238]
My routtab entry is:
SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.205 03
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.205 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.236 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.231 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.232 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.2 01
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.10 *
Allowing access from local network to SAP through all port (instance)
P * 194.39.131.34 3299
P 192.168.0.10 194.39.131.34 3299
#D * * *
Regards,
Balakrishnan
Hi Bala,
If this is new install, have you tried to open a connection from Service Market place to your system and has SAP been successful in connecting to your system? Please try that.
Please configure your saprout tab to permit access from outside network to internal ip address on port 32xx.
Thanks
Mikir
Allowing access from local network to SAP through all port (instance)
P * 194.39.131.34 3299
P 192.168.0.10 194.39.131.34 3299
This lines are not necesary as per your first line starting with KT you are telling the saprouter to allow all access from your saprouter going to sapserv2 in any port so you should delete this lines.
If you are going to allow connections using sapgui to your internal sap servers then you should use:
P (incoming IP or * for all) (target IP SAP server) (instance port)
At this time you are allowing only connections from a to SAP service, no sapgui connection is allowed that's why sm59 is working fine.
To do a connection insert a line like this:
P * 192.168.x.x 3200
P ( * or source IP) (IP for a SAP server in your LAN) (the port for that SAP instance)
Then try to do a connection and you will be fine.
Good Luck
Edited by: AC on Jan 16, 2009 2:43 PM
Hi,
The SAPROUTTAB file should not have P * * * entry, in case of SNC connection this entry will not support.
The entries should more specific to the sap server you want to access.
Pls find below the sample SAPROUTTAB file
#SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
#SNC-connection from SAP to local
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"
#Access from your local Network
P * 194.39.131.34 3299
#All other connections will be
P * 192.168.100.21 32xx
P * 192.168.100.21 32xx
P * 192.168.100.21 32xx
D * * *
Hope it helps
Regards
KT
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Check the saprouter logfile - it will tell you what configuration in the saprouter is missing.
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.